Skip to main content
close search
site logo
Dive Brief

Microsoft to extend California data privacy law across state lines

Published Nov. 12, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Ryan McKnight for CIO Dive

Dive Brief:

  • With the impending Jan. 1, 2020 enactment of the California Consumer Privacy Act (CCPA), Microsoft is applying the law to every U.S. customer, not just California residents, said Julie Brill, corporate VP for Global Privacy and Regulatory Affairs and Chief Privacy Officer at Microsoft, in an announcement
  • The CCPA requires transparency regarding data collection and use, as well as the right to opt out of data sales. As "exactly what will be required under CCPA to accomplish these goals is still developing," Microsoft will make changes accordingly as they are finalized, said Brill. 
  • The company will also help its enterprise customers become CCPA compliant, providing the tools necessary for the law's transparency requirements, according to the announcement. 

Dive Insight:

Digital giants, including Apple and Google, thrive off of disruption and are typically at the "pinnacle" of personalization. But personalization comes at a price: consumer data. 

As the tech industry waits with bated breath for an unlikely federal data privacy law, Microsoft's actions are meant to "demonstrate our commitment in the absence of Congressional action," said Brill. 

Before the EU's GDPR went into effect in May 2018, Microsoft pledged its commitment to extend the regulations to customers beyond the EU. The decision to do so was voluntary.

Because of this, customers already covered by Microsoft's GDPR application will likely find their rights are "stronger" than the CCPA, said Brill. 

Core differences between GDPR and the CCPA include the definition of a consumer. GDPR gives rights to data subjects, or "identified or identifiable natural person," according to the Future of Privacy Forum (FPF). The CCPA recognizes a consumer as a "natural person who is a California resident."

GDPR also applies to controllers, or a "natural or legal persons ... whether their activity is for profit or not" and processors, which are "entities that process personal data on behalf of controllers, according to FPF. The CCPA is for a business that is for-profit, collects consumer data, does business in California and has an annual gross revenue that exceeds $25 million. 

Companies that ingrain privacy into their core values are more desirable for customers to do business with, according to Bart Willemsen, VP analyst at Gartner, during the IT Symposium/Xpo in Orlando, Florida last month. It makes them more trustworthy. It's also a way for Microsoft to be ahead of the game when it comes to privacy legislation, something it's already involved in

In its home state, Washington, Microsoft supported an initial draft of a privacy bill, which later failed. Microsoft took the stance that customers should not have to manually opt out of data transactions, but rather it is the duty of tech companies to carry the burden of data privacy.

Advocacy groups, including the American Civil Liberties Union (ACLU), said the bill failed to wholly protect consumers, in part, because it was written by "technology companies themselves."

Recommended Reading

Filed Under: Corporate

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Corporate
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell